Had it been around in the 2010s, the Nacha account validation rule may have prevented a scammer from invoicing Google and Facebook for more than $100 million. As a form of deterrence, it removes much of the opportunity for perpetrators to commit fraud.
However, the rule is also beneficial for detecting false account details. Learn all about the Nacha account validation rule, and how to implement it at your company.
Trustpair provides international and ongoing account validation in order to prevent fraud and comply with regulations like Nacha’s account validation.
How does the Nacha account validation rule work?
The Nacha account validation rule concerns businesses planning to receive payments from customers through the automated clearing house (ACH) network.
These businesses are required to validate first-time payees. This ensures that the account details that were given match the bank account owner. In other words, customers, vendors, and all those recipients of ACH payments are who they say they are.
How each institution validates this information is their choice and responsibility – as there are several compliant and effective methods. This includes the likes of instant verification (the gold standard), alongside microdeposits and pre-notifications. Either way, it guarantees that web debit entries are screened according to the rules in order to decrease the risk of fraudulent transactions.
The rule was announced in March 2021 and has been enforced ever since March 2022.
ACH originators are required to screen the web debit accounts on the first transaction (ie. the first purchase from a business partner), or upon any changes to their account details. Perhaps it’s a returning vendor who uses a new card to pay since their old business credit card has expired. These are the situations where Nacha account validation is required.
Why is it important to be Nacha compliant?
The main reason for the introduction of Nacha account validation rule, and for compliance from businesses, is to reduce the risk of fraud. Implementing a “commercially reasonable fraud detection system” will enable businesses to screen web debits and detect invalid accounts.
For example, a fraudster might attempt to make a wholesale order from you, by impersonating a partner in your supply chain. By ‘paying’ through ACH debits, which typically takes 3-5 days to process, your company may ship out the order before receiving the payment. It’s only after your business receives a notification from the ACH network that they realize the partner is in fact a fraudster and gave fake details to pay for the item in question. This is called vendor fraud.
Moreover, being Nacha compliant enables organizations to operate with transparency by ensuring that they don’t collaborate with money launderers or terrorist financiers. And without detection, both could cause significant financial and reputational damage that can be hard to overcome. Therefore, being able to prove the good nature of customers and third parties through ACH payment validation can help to protect the good reputation of the business.
How to be compliant with the account validation rule?
As mentioned, Nacha allows organizations to work with any commercially reasonable solution in order to comply. Here are three of the most popular options for account validation:
- Instant verification
|Micro deposits||Free to use, accurate, and reliable||Can take several days to process, disrupting customer experience|
|Pre-notifications||Work in real-time or thereabouts||Still leaves a small chance of fraud|
|Instant validation||Works in real-time to prevent last-minute changes by fraudsters||n/a|
Microdeposits occur when the customer inputs their account information manually before they can make a purchase. It takes one or two working days to deposit a very small amount into the customer’s account. He then must verify the exact amount with your system. Typically, the amount is under $1. This method is also called Penny-dropping account validation.
Microdeposits can be beneficial for the originator because they validate account holders with accuracy and reliability. They are also free for the business issuing them – offering a low barrier to entry.
However, the length of time associated with this account validation method, even though it’s a one-time occurrence, can cause friction within the sales process for the consumer. Many customers won’t be bothered to come back to your online store days after they initially wanted to make their purchase.
Thanks to the high convenience elsewhere, this method might mean that your business does not meet customer expectations.
Pre-notifications are zero-dollar transactions that are credited or debited from user accounts. As long as the business doesn’t receive an ACH return, it’s considered successful.
Pre-notifications can be advantageous. They typically work in real-time, or with a lag of only a short minute or two, compared to microdeposits.
However, if a fraudster gets hold of somebody else’s additional details, there is a chance that they could get around pre-notifications.
For example, imagine that a vendor fraudster submits a fake invoice (learn more about invoice fraud in this article), and gives their own account details. While these don’t match the rest of the information, the ACH transaction would still be considered a success, because they are somebody’s account details and the payment goes through. It wouldn’t result in an ACH return, meaning that the perpetrators can still get away with fraud.
Instant verification works by relying on a third-party platform like Trustpair. The customer enters their account information, and this data is validated in real time by comparing it to international banking databases.
For example, imagine that your business is attempting to verify a new supplier. Trustpair finds information on company name, address, bank details, bank branch, and even if the company appears on any blacklists. Large numbers of these checks can be performed at once. This means that it’s viable for enterprises operating at a high transaction scale.
By performing these checks in real-time (i.e. when payments are requested), Trustpair can prevent any fraudulent last-minute requests to change the bank details. The platform works with automation. This means any suspicious or unidentifiable third parties are blocked from receiving your business’ hard-earned cash.
This not only complies with the Nacha account validation rule but also the SOX law regulation. Get in touch to experience your very own demo of Trustpair.
The Nacha account validation rule relies on ACH originators verifying the customers or third parties that they will debit. To prevent fraud, companies can perform microdeposits, pre-notifications, or instant verifications. Solutions like Trustpair facilitate instant verifications and work to prevent the financial effects of fraud.